Password Management In Healthcare
Guest post by Dean Wiech, managing director, Tools4ever.
Passwords are everywhere. Despite the endless headlines about their death and sure destruction in countless publications across the globe, passwords are and will continue to be used in nearly every business setting for the foreseeable future. Whether you’re a physician making the rounds in a hospital, a mechanic at a service garage, a CIO for a major software firm, a bank teller logging into several applications to assist customers or an employee at a manufacturer, chances are better than average that you access these systems with a user name and password.
Organizations of all sizes use credentials for their employees to ensure security of the information in their systems, and to protect against unwanted access to the data in the systems. As with any solution used, once in play there’s bound to be some issues incurred with these passwords. Regardless of how many passwords employees need to remember and how often they need assistance to reset them, passwords remain crucial ingredient to a network’s security protocols.
Passwords: Where We Have Come
The first passwords were created in the 1960s for MIT’s Compatible Time-Sharing System. Passwords were first used because several users needed to access the system as unique entities. Each user created a password, which were then stored on the computer system. However, program leaders soon learned that this method of storage did not work after one user who wanted more time on the computer simply printed out the passwords from the machine and logged in as a different user than himself – since each user was only granted so much time per week under their identity. Thus, program leaders discovered that program needed more secure methods for password usage and storage. This also was likely the first recorded data breach anywhere in the world.
The next phase led to encrypted passwords so that no one could easily go in to steal all of the users’ credentials, as was the case at MIT. Passwords began protecting secure information rather than just taking on a gatekeeper role. As they spread into business and workplaces worldwide, passwords became encryption devices that could not easily be hacked or pilfered.
Finally, millions of organizations began to rely on computers, obviously, for all of their business needs and users needed to enter credentials for each system they needed to access. To easily remember all of these passwords, users began to either user very simple passwords or the same password for each system. Again this became an issue since hackers utilized tools to easily compromise the password and gain access to the systems.
Where We Are Today
Welcome to today. As we know, organizations are overwhelmed by the issue of password breaches. Solution? To mitigate this problem, organizations often require employees to use complex passwords, each unique to the different systems they are using. To say the least, this process has evolved into a difficult mental exercise. According to a recent Tools4ever survey, end users access up to an average of 12 different systems and applications to perform their jobs. Humans are usually only capable of remembering about six complex passwords at the most. The rest get written down or filed on some random Excel sheet on the computer’s desktop. So what are they doing to remember all of their credentials?
Of course this defeats the purpose of the use of complex passwords for security, and often leads to frustration of users who take their anger out on the help desk, which is usually overwhelmed by such problems already. Think customer service is considered quality in these organizations? Usually not when these types of processes are in place.
The problems don’t end there. Employee productivity is cut when they must deal with these types of password maintenance issues. For example, every day in a typical healthcare setting, 91 minutes are wasted because of inefficient systems and workflows. On average, healthcare providers login to workstations and applications 70 times per day and spend an average of only 46 percent of their time on direct patient care.
Think of the great things your teams could do if they didn’t have to worry about logging in and out of workstations as they care for patients. While the data accessed may differ from department to department and facility to facility, what remains the same is the fact that, if multiple passwords and login credentials are in-play, there is a high probability that productivity is being negatively impacted. Providing direct access to systems and tools when and where it’s needed is key.
Password issues can also have a huge effect on your employee’s productivity. Think about how long it takes to resolve an issue when an employee is locked out of their account and needs to get a password reset? They need to contact the helpdesk, start a ticket, request that the helpdesk team resets the password, log in then get back to the work they need to accomplish. All of this is time that is taken away from the project they are working on, or the patient they are supposed to be helping. On the technical side, depending on the size of the organization, password management can require a full-time position at a large organization, since one of the top calls to the helpdesk is for password resets.
Another problem with passwords: all the steps, or “clicks,” and authentication processes some employees need to take just to access their applications. When time is critical, such as in hospitals, or when customer service is a priority, every minute counts and passwords can become a deterrent. If nothing else, they can be a time waster, as the 91 lost minutes suggests.
When these issues start to effect productivity of your employees is when it becomes an issue. So as the password and authentication process has evolved and become increasingly complex, how can organizations easily resolve the issues that have come about?